28 matches found
Spoofing
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix removed dentries still existing after log is synced When we move one inode from one directory to another and both the inode and its previous parent directory were logged before, we are not supposed to have the dentry f...
Design/Logic Flaw
Contacts app for Nextcloud easily syncs contacts from various devices with your Nextcloud and allows editing. The unsanitized SVG is converted to a JavaScript blob in memory data that the Avatar can't render. Due to this constellation the missing sanitization does not seem to be exploitable. It i...
distribution catalog API endpoint can lead to OOM via malicious user input
Impact Systems that run distribution built after a specific commit running on memory-restricted environments can suffer from denial of service by a crafted malicious /v2/catalog API endpoint request. Patches Upgrade to at least 2.8.2-beta.1 if you are running v2.8.x release. If you use the code...
An issue was discovered in xfs_agf_verify in fs/xfs/libxfs/xfs_alloc.c in the Linux kernel through 5.6.10. Attackers may trigger a sync of excessive duration via an XFS v5 image with crafted metadata aka CID-d0c7feaf8767.
...
CVE-2020-5328
Dell EMC Isilon OneFS versions prior to 8.2.0 contain an unauthorized access vulnerability due to a lack of thorough authorization checks when SyncIQ is licensed, but encrypted syncs are not marked as required. When this happens, loss of control of the cluster can occur...
CVE-2020-5328
Dell EMC Isilon OneFS versions prior to 8.2.0 contain an unauthorized access vulnerability due to a lack of thorough authorization checks when SyncIQ is licensed, but encrypted syncs are not marked as required. When this happens, loss of control of the cluster can occur...
openSUSE Security Update : adminer (openSUSE-2018-253)
This update for adminer fixes the following issues : - Sync up conditional sub-packages with devel package to disable uninstallable pacakges for boo1002214. - Update to version v4.4.0 for boo1083948 to resolve CVE-2018-7667 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text...
Incorrect hardware status returned from vCenter 5 when collected through vSphere API
Challenge When nworks uses "Refresh Hardware" calls, hardware status is not updated on vSphere 5 Cause vSphere 5 does not update the hardware status data available through API - this can be verified in vSphere Managed Objects Browser, which shows an outdated status, while the host MOB will show t...